<?php
session_start();
include("load-settings.php");

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = $_SESSION['user'];

if(!isset($_GET['id']))
	header("Location: home.php");

$order = mysql_real_escape_string($_GET['id']);

$summary = "Order flagged for admin review.";

mysql_query("INSERT INTO ticket (user, order_record, summary) VALUES ($user, $order, '$summary')");
$id = mysql_insert_id();

header("Location: ticket.php?id=".$id);
?>